1 General storage protection techniques: Securing distributed storage: challenges, techniques, and systems
Vishal Kher, Yongdae Kim 

November 2005 Proceedings of the 2005 ACM workshop on Storage security and 
survivability StorageSS '05 

Publisher: ACM Press 

The rapid increase of sensitive data and the growing number of government regulations 
that require longterm data retention and protection have forced enterprises to pay serious 
attention to storage security. In this paper, we discuss important security issues related 
to storage and present a comprehensive survey of the security services provided by the 
existing storage systems. We cover a broad range of the storage security literature, 
present a critical review of the existing solutions, compare ... 



Keywords: authorization, confidentiality, integrity, intrusion detection, privacy 



Decentralized storage systems: Ivy: a read/write peer-to-peer file system 
Athicha Muthitacharoen, Robert Morris, Thomer M. Gil, Benjie Chen 
December 2002 ACM SIGOPS Operating Systems Review, volume 36 issue si 
Publisher: ACM Press 

Ivy is a multi-user read/write peer-to-peer file system. Ivy has no centralized or 
dedicated components, and it provides useful integrity properties without requiring users 
to fully trust either the underlying peer-to-peer storage system or the other users of the 
file system. An Ivy file system consists solely of a set of logs, one log per participant. Ivy
stores its logs in the DHash distributed hash table. Each participant finds data by 
consulting all logs, but performs modifications by appendi ... 

Dynamic Metadata Management for Petabyte-Scale File Systems
Sage A. Weil, Kristal T. Pollack, Scott A. Brandt, Ethan L. Miller 

November 2004 Proceedings of the 2004 ACM/IEEE conference on Supercomputing 
Publisher: IEEE Computer Society 

In petabyte-scale distributed file systems that decouple read and write from metadata 
operations, behavior of the metadata server cluster will be critical to overall system
performance and scalability. We present a dynamic subtree partitioning and adaptive 
metadata management system designed to efficiently manage hierarchical metadata 
workloads that evolve over time. We examine the relative merits of our approach in the 
context of traditional workload partitioning strategies, and demonstrate the ... 

The Vesta parallel file system 
Peter F. Corbett, Dror G. Feitelson 

August 1996 ACM Transactions on Computer Systems (TOCS), volume 14 issue 3 
Publisher: ACM Press 

The Vesta parallel file system is designed to provide parallel file access to application 
programs running on multicomputers with parallel I/O subsystems. Vesta uses a new 
abstraction of files: a file is not a sequence of bytes, but rather it can be partitioned into 
multiple disjoint sequences that are accessed in parallel. The partitioning—which can also
be changed dynamically—reduces the need for synchronization and coordination during
the access. Some control over the layout ... 

Keywords: data partitioning, parallel computing, parallel file system 



5 Services: ELF: an efficient log-structured flash file system for micro sensor nodes
Hui Dai, Michael Neufeld, Richard Han 

November 2004 Proceedings of the 2nd international conference on Embedded 
networked sensor systems 

Publisher: ACM Press 

An efficient and reliable file storage system is important to micro sensor nodes so that 
data can be logged for later asynchronous delivery across a multi-hop wireless sensor 
network. Designing and implementing such a file system for a sensor node faces various 
challenges. Sensor nodes are highly resource constrained in terms of limited runtime 
memory, limited persistent storage, and finite energy. Also, the flash storage medium on 
sensor nodes differs in a variety of ways from the traditiona ... 

Keywords: eeprom, file system, flash, log structured, reliability, sensor 




The Alpine file system

M. R. Brown, K. N. Kolling, E. A. Taft 

November 1985 ACM Transactions on Computer Systems (TOCS), volume 3 issue 4 
Publisher: ACM Press 

Alpine is a file system that supports atomic transactions and is designed to operate as a 
service on a computer network. Alpine's primary purpose is to store files that represent 
databases. An important secondary goal is to store ordinary files representing documents, 
program modules, and the like. Unlike other file servers described in the literature, Alpine 
uses a log-based technique to implement atomic file update. Another unusual aspect of 
Alpine is that it performs all commu ... 



Access Control Models and Mechanisms: Cryptographic access control in a
distributed file system
Anthony Harrington, Christian Jensen

June 2003 Proceedings of the eighth ACM symposium on Access control models and 
technologies 

Publisher: ACM Press 

Traditional access control mechanisms rely on a reference monitor to mediate access to 
protected resources. Reference monitors are inherently centralized and existing attempts 
to distribute the functionality of the reference monitor suffer from problems of 
scalability. Cryptographic access control is a new distributed access control paradigm 
designed for a global federation of information systems. It defines an implicit access 
control mechanism, which relies exclusively on cryptography to provide ... 

Keywords: access control, cryptography, network file systems 



Decentralized storage systems: Farsite: federated, available, and reliable storage for
an incompletely trusted environment

Atul Adya, William J. Bolosky, Miguel Castro, Gerald Cermak, Ronnie Chaiken, John R. 
Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, Roger P. Wattenhofer 
December 2002 ACM SIGOPS Operating Systems Review, volume 36 issue si 
Publisher: ACM Press 

Farsite is a secure, scalable file system that logically functions as a centralized file server 
but is physically distributed among a set of untrusted computers. Farsite provides file 
availability and reliability through randomized replicated storage; it ensures the secrecy of 
file contents with cryptographic techniques; it maintains the integrity of file and directory 
data with a Byzantine-fault-tolerant protocol; it is designed to be scalable by using a 
distributed hint mechanism and delegatio ... 

801 storage: architecture and programming
Albert Chang, Mark F. Mergen 

February 1988 ACM Transactions on Computer Systems (TOCS), volume 6 issue 1
Publisher: ACM Press 

Based on novel architecture, the 801 minicomputer project has developed a low-level 
storage manager that can significantly simplify storage programming in subsystems and 
applications. The storage manager embodies three ideas: (1) large virtual storage, to 
contain all temporary data and permanent files for the active programs; (2) the 
innovation of database storage, which has implicit properties of access serializability and 
atomic update, similar to those o ... 



10 FS2: dynamic data replication in free disk space for improving disk performance and
energy consumption
Hai Huang, Wanda Hung, Kang G. Shin 

October 2005 ACM SIGOPS Operating Systems Review, Proceedings of the twentieth
ACM symposium on Operating systems principles SOSP '05, volume 39 issue 5

Publisher: ACM Press 

Disk performance is increasingly limited by its head positioning latencies, i.e., seek time 
and rotational delay. To reduce the head positioning latencies, we propose a novel 
technique that dynamically places copies of data in file system's free blocks according to 
the disk access patterns observed at runtime. As one or more replicas can now be
accessed in addition to their original data block, choosing the "nearest" replica that 
provides fastest access can significantly improve pe ... 

Keywords: data replication, disk layout reorganization, dynamic file system, free disk 
space 



11 The architecture of robust publishing systems
Marc Waldman, Aviel D. Rubin, Lorrie Faith Cranor 

November 2001 ACM Transactions on Internet Technology (TOIT), volume 1 issue 2
Publisher: ACM Press 

The Internet in its present form does not protect content from censorship. It is 
straightforward to trace any document back to a specific Web server, and usually directly 
to an individual. As we discuss below, there are valid reasons for publishing a document in 
a censorship-resistant manner. Unfortunately, few tools exist that facilitate this form of 
publishing. We describe the architecture of robust systems for publishing content on the 
Web. The discussion is in the context of Publius, as that ... 

Keywords: Censorship resistance, Web publishing 




12 PARADISE: an advanced featured parallel file system 
Maciej Brodowicz, Olin Johnson

July 1998 Proceedings of the 12th international conference on Supercomputing
Publisher: ACM Press 



13 Affinity-based management of main memory database clusters
Minwen Ji 

November 2002 ACM Transactions on Internet Technology (TOIT), Volume 2 issue 4 
Publisher: ACM Press 

We study management strategies for main memory database clusters that are interposed 
between Internet applications and back-end databases as content caches. The task of 
management is to allocate data across individual cache databases and to route queries to 
the appropriate databases for execution. The goal is to maximize effective cache capacity 
and to minimize synchronization cost. We propose an affinity-based management system 
for main memory database cLUsters (ALBUM). ALBUM executes ea ... 

Keywords: Main memory database, clustering, database administration, database 
cluster, file organization, query affinity, scalability 




14 HFS: a performance-oriented flexible file system based on building-block
compositions

Orran Krieger, Michael Stumm 

August 1997 ACM Transactions on Computer Systems (TOCS), volume 15 issue 3
Publisher: ACM Press 

The Hurricane File System (HFS) is designed for (potentially large-scale) shared-memory 
multiprocessors. Its architecture is based on the principle that, in order to maximize 
performance for applications with diverse requirements, a file system must support a wide 
variety of file structures, file system policies, and I/O interfaces. Files in HFS are 
implemented using simple building blocks composed in potentially complex ways. This 
approach yields great flexibility, allowing an application ... 

Keywords: customization, data partitioning, data replication, flexibility, parallel 
computing, parallel file system 



15 RAID: high-performance, reliable secondary storage

Peter M. Chen, Edward K. Lee, Garth A. Gibson, Randy H. Katz, David A. Patterson 
June 1994 ACM Computing Surveys (CSUR), Volume 26 Issue 2 
Publisher: ACM Press 

Disk arrays were proposed in the 1980s as a way to use parallelism between multiple 
disks to improve aggregate I/O performance. Today they appear in the product lines of 
most major computer manufacturers. This article gives a comprehensive overview of disk 
arrays and provides a framework in which to organize current and future work. First, the 
article introduces disk technology and reviews the driving forces that have popularized 
disk arrays: performance and reliability. It discusses the tw ... 

Keywords: RAID, disk array, parallel I/O, redundancy, storage, striping 



16 Safely executing untrusted code: Model-carrying code: a practical approach for safe
execution of untrusted applications

R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar, Daniel C. DuVarney 
October 2003 Proceedings of the nineteenth ACM symposium on Operating systems
principles
Publisher: ACM Press 

This paper presents a new approach called model-carrying code (MCC) for safe execution 
of untrusted code. At the heart of MCC is the idea that untrusted code comes equipped 
with a concise high-level model of its security-relevant behavior. This model helps bridge 
the gap between high-level security policies and low-level binary code, thereby enabling 
analyses which would otherwise be impractical. For instance, users can use a fully 
automated verification procedure to determine if the code ... 

Keywords: mobile code security, policy enforcement, sand-boxing, security policies 



17 Hive: fault containment for shared-memory multiprocessors 
J. Chapin, M. Rosenblum, S. Devine, T. Lahiri, D. Teodosiu, A. Gupta 

December 1995 ACM SIGOPS Operating Systems Review, Proceedings of the fifteenth
ACM symposium on Operating systems principles SOSP '95, volume 29 
Issue 5 

Publisher: ACM Press 


18 Operating System Structures to Support Security and Reliable Software
Theodore A. Linden 

December 1976 ACM Computing Surveys (CSUR), volume 8 issue 4 
Publisher: ACM Press 



19 Astrolabe: A robust and scalable technology for distributed system monitoring,
management and data mining

Robbert Van Renesse, Kenneth P. Birman, Werner Vogels 
May 2003 ACM Transactions on Computer Systems (TOCS), volume 21 issue 2 
Publisher: ACM Press 

Scalable management and self-organizational capabilities are emerging as central 
requirements for a generation of large-scale, highly dynamic, distributed applications. We 
have developed an entirely new distributed information management system called 
Astrolabe. Astrolabe collects large-scale system state, permitting rapid updates and 
providing on-the-fly attribute aggregation. This latter capability permits an application to 
locate a resource, and also offers a scalable way to track sys ... 

Keywords: Aggregation, epidemic protocols, failure detection, gossip, membership, 
publish-subscribe, scalability 



20 Configuration management & security: Secure sharing between untrusted users in a
transparent source/binary deployment model
Eelco Dolstra 

November 2005 Proceedings of the 20th IEEE/ACM international Conference on 
Automated software engineering ASE '05 

Publisher: ACM Press 

The Nix software deployment system is based on the paradigm of transparent 
source/binary deployment: distributors deploy descriptors that build components from 
source, while client machines can transparently optimise such source builds by 
downloading pre-built binaries from remote repositories. This model combines the 
simplicity and flexibility of source deployment with the efficiency of binary deployment. A 
desirable property is sharing of components: if multiple users install fro ... 

Keywords: configuration management, hash rewriting, secure sharing, security, software 
deployment, source deployment 

Conference Date: 18-19 Feb. 1985 Conference Location: London, UK

Language: English Document Type: Conference Paper (PA) 

Abstract: One essential requirement of an electronic fund transfer (EFT)
system is that institutions must be able to join together in a common EFT 
network, defined as an interchange, such that the EFT security of each 
institution is independent of the security measures implemented at other 

Claim

. . . the network, the data relating to the sale of goods by the stores and 
including second identification information more recent than the 
first identification information;

c) allowing access to the data utilizing a network-based interface;

d) comparing the first identification information with the second
identification information; and

e) updating the registration of the stores based on the comparison. 104. 
A system. . . 

...and including second identification information more recent than the 
first identification information; c) logic for allowing access to the
data utilizing a network-based interface; d) logic for comparing the
first identification information with the second
identification information; and

e) logic for updating the registration of the stores based on the 
comparison. 105... 

NOVELTY - The current password is retrieved from security
information in memory device accessible only during power on self test 
(POST) and hard-locked prior to loading operating system. A hash is 
generated using the current password appended, responsive to detecting 
a change request within non-volatile buffer. The security information 
is updated according to the change request, when hash generated 
matches a hash within the buffer. 

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the 
following:

(1) Security information updating system; and 

(2) Security information updating program. 

USE - For remotely managed data processing system. 

ADVANTAGE - Enables authentication of a remote entity to allow 
changes by the remote entity to hard-locked security information 
without compromising security, closing the current void between remote 
manageability and security. Allows a secure client to be remotely 
managed.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
the data processing system, 

User identity authentication for computer network, by sending template
with biometric data to client and computing primary and secondary 
messages at host and client respectively, based on which authenticity is 
judged 

NOVELTY - User identifier is received from clients (102,104,106) at
host systems (108,110,112), and associated template with biometric data 
is retrieved. Client compares template with biometric sample. Primary 
message is computed using template, comparison result and an 
encryption key. Host computes secondary message using primary message 
received from client, based on which user is allowed to access the 
host system. 

DETAILED DESCRIPTION - The secondary message digest is computed on 
the host system using template, comparison result indicating successful 
match between biometric sample and template, and encryption key. The 
templates are retrieved from database of templates by the host system. 
The template includes fingerprint data, retinal scan data, voice data 
or handwriting data. INDEPENDENT CLAIMS are also included for the 
following:

(a) Apparatus for authenticating identity of user; 

(b) User authentication program

USE - Used for computer network.

ADVANTAGE - Using the template in computing the message digest
provides an additional measure of security, because the message digests 
do not match unless the client also used the template for computing 
message digest. This indicates that the client computed the comparison 
result using the same template. The use of randomized number in 
computing the message digest, prevents a simple mode of attack. Client 
using comparison threshold prevents malicious user on the client from 
setting the comparison threshold to an arbitrary low value in order to 
gain unauthorized access to the host system. Thus, the method achieves 
secured access of client to the host system. 

DESCRIPTION OF DRAWING (S) - The figure shows the client computer 
system coupled to host system through network. 

Clients (102,104,106) 

Host systems (108,110,112) 

Abstract (Basic): RD 425106 A

NOVELTY - An embedded security coprocessor can be used to sign an 
executable using a private key stored in the coprocessor and the 
signature is compared to an attached signature on the executable to 
determine if execution is to be allowed. The coprocessor can also be 
used to obtain a DES key, which is used to decrypt the executable 
before it is run or the header of the executable can be decrypted using 
a DES key obtained via the hardware security coprocessor. The 
executable would be hashed and the two hashes compared, to
determine if execution will be allowed. 

USE - Restricting execution of unlicensed or virus-infected 
software on a hardware platform. 

ID code protection device for mobile radio telephone - stores ID number
and encrypted ID number in memory and performs comparison with input 
number each time telephone is to be used to authorise or prevent 
access 

Abstract (Basic): EP 835007 A

The device has an ID number (ESN) which is stored in device memory
(54). The ID number is encrypted using and this encrypted code is also
stored in the memory. These codes are placed in memory during device
manufacture.

Each time the device is used, an active protection comparison 
system (K10) encrypts an incoming number and compares it with the 
stored encrypted number. If the numbers agree, the mechanism is 
activated and the stored ID number is re-encrypted. 

USE - AMPS, TAC or ETAC system. 

ADVANTAGE - Provides improved protection against fraudulent use 
without utilising constructor code. Low cost. 

Abstract (Basic): EP 1016926 A2

NOVELTY - Film is registered by docking (138) in input device and 
reading first segment of identifier marked on film, which includes one 
or both segments of access code. One segment of access code is 
encryption of other segment. User or holder of film can only access 
data stored in look-up table (12) if code value obtained by decrypting 
first segment, matches second segment.

DETAILED DESCRIPTION - Film is registered by docking in input 
device and reading first segment of identifier marked on film. 
Identifier includes one or both segments of access code. One segment is 
encryption of other. User or holder of film can only access data stored 
in look-up table (12) if code value obtained by decrypting first 
segment, matches second segment. Key used to decrypt encrypted first
segment of access code, is maintained and supplied by input or photo 
finishing unit (14), or by gatekeeper part of look-up table. Key is 
based on symmetric encryption-decryption algorithm or asymmetric 
encryption-decryption algorithm. 

USE - To access film photo finishing data stored in remote look-up 
table for one-time use camera. 

DESCRIPTION OF DRAWING (S) - View of system including access coded 
film unit.

Look-up table (12) 

Photo finishing unit (14) 

Financial services subscriber access method e.g. for remote banks,
insurance companies - using unique identifiers for each customer and each 
card which are verified when card is used by comparison with stored ID 
data and encrypted data sent from card via communications network 

Abstract (Basic): FR 2753860 A

The method involves the bank or insurance company providing each of 
their customers with a credit card type card (10) which contains unique 
identifiers for each card and for each customer. The card generates 
short acoustic encrypted ID signals of DTMF type when it is used. 

The acoustic signals are received at a microphone and transmitted 
to the bank or insurance company via a communications network. The ID 
signals are processed and decrypted and compared with the ID data for 
the card and for the customer and access to services is permitted 
if they coincide. 

ADVANTAGE - Allows subscribers rapid remote access to bank or 
insurance services while preventing fraudulent access or use of stolen 
card.

Compressed file name generating method in client-server system, involves
comparing generated file names, based on which file command is executed 
with respect to file identified by particular file name 

Abstract (Basic): US 6134597 A

NOVELTY - The server is activated by a request from user and 
without reference to any prompting for user assigned credentials to 
build respective input strings with user profile from respective 
requests, user attribute and hidden key. File names are generated by
concatenating tags generated by hashing input strings with fixed 
identifiers. The file names are compared based on which file command is 
executed. 

DETAILED DESCRIPTION - User attribute and a hidden key value are
stored at server. Initial request including file name, user profile and 
file data is communicated from user to server. The server is operated 
in response to initial request and without reference to any prompting 
for user assigned credentials. A first input string including the user 
profile is built from initial request, user attribute and hidden key 
value. The first input string is hashed to generate a first tag which 
is concatenated with fixed identifier to generate a first file name for 
file data. The first data identified by first file name is stored. A 
subsequent request including user profile, file name and file command 
is communicated to server from user. The server is operated at session 
initialization in the same manner to build a second input string. A 
second file name is generated by concatenating second tag generated 
by hashing second input string. The second file name is compared 
with first file name and if they are equal, the file command is 
executed with respect to file identified by first file name. 
INDEPENDENT CLAIMS are also included for the following: 

(a) server system; 

(b) client access authorizing program

USE - In client-server system such as in TCP/IP or Internet 
environment.

ADVANTAGE - Provides a system for identifying objects with a user
unique, compressed tag. Provides a user unique, compressed tag in a 
manner which is transparent to the user. Provides a user unique, 
compressed tag from publicly available information. 

DESCRIPTION OF DRAWING (S) - The figure shows conceptual diagram 
illustrating several programming entities and objects of client-server 
system. 

information in authenticating computer to authenticate user to access
required data 

Abstract (Basic): WO 200019300 A1

NOVELTY - The user's computer remote from authenticating entity 
stores encrypted data. The authenticating computer at
authenticating entity compares identity information received from 
user with a prestored identity information, so that if both information 
are correlated, user is authenticated to access desired data by 
automatically providing an access key. 

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for 
user authentication system. 

USE - For authenticating data accessing by user in computer system. 

ADVANTAGE - Allows user to gain access to computer data even if 
password is forgotten while maintaining the data security. 

DESCRIPTION OF DRAWING (S) - The figure shows the security system, 